Andrew Hay: What the A Team Can Teach Us About Information Security

From the “I wish I had thought of that” department, this is a hilarious post from Andrew Hay (here)…

Colonel John “Hannibal” Smith

I love it when a plan comes together.

Who doesn’t? If you don’t properly document your security policies and procedures, how can you hope to be able to operate your security program effectively? If the plan doesn’t “come together” then you’re just asking for trouble. Take it from Hannibal: make sure your security policies and procedures are easy to follow, comprehensive, and constantly updated. By the way, this is possibly the wisest thing ever said while holding a submachine gun and smoking a cigar.

Classic Hannibal quote – “Hickory dickory dock / The mouse ran up the clock / The clock struck one / Down he run / You smell worse than my socks.”

Captain H.M. “Howlin’ Mad” Murdock

I don’t wanna be a secret weapon! I want to be an exposed weapon!

This is exactly how I want security professionals to be viewed. I would prefer that people knew who/what the security professionals are/do. The security department shouldn’t be used as a secret weapon but rather as the tip of the spear. Users need to be educated on the role of the security professionals within the organization so that they know by whom the consequences outlined in the organizational policies are enforced. Murdock might be crazy, but people tend not to screw with the crazy people.

Sergeant Bosco “B.A.” Baracus

When punks start hasslin’ decent people, I make it my bidness.

“Punks” being malicious entities (i.e. hackers, malware, and so on) and “hasslin” referring to disrupting the regular flow of operations makes this the coolest way to explain a security professional’s job to the layperson. Our goal is to ensure the safety of those who do not have the required skills or ability to protect themselves from a technological attack. Who knew that Mr. T would be such a forward-thinking individual?

Lieutenant Templeton “Face” Peck

The key to any con is to place the mark in a position where he or she thinks reward will come or harm will be avoided if he or she does exactly as told by the conman.

I struggled to find a good positive one for Face since his role was always that of the conman. The above quote, however, is a good reminder of the purpose behind social engineering attacks. The attacker is out to gain your confidence (did you know that the ‘con’ in ‘conman’ meant confidence?) and trick you, the mark, into revealing information that they can use against you and your organization. If it doesn’t feel right…then don’t fall for it!